MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Removing template elements fixed, fixes #899

pull/909/head
Iglocska 2016-02-03 09:59:35 +01:00
parent 07a03abdc7
commit f441d212f9
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/Controller/TemplateElementsController.php
View File

@ -217,9 +217,9 @@ class TemplateElementsController extends AppController {
public function delete($id) {
if (!$this->request->is('ajax')) Throw new MethodNotAllowedException('This action is for ajax requests only.');
$this->TemplateElement->read(null, $id);
if (!$this->_isSiteAdmin() && !$this->TemplateElement->Template->checkAuthorisation($this->TemplateElement['Template']['id'], $this->Auth->user(), true)) throw new NotAllowedException('You are not authorised to do that.');
if (!$this->_isSiteAdmin() && !$this->TemplateElement->Template->checkAuthorisation($this->TemplateElement->data['Template']['id'], $this->Auth->user(), true)) throw new NotAllowedException('You are not authorised to do that.');
if ($this->request->is('post')) {
if ($this->_isSiteAdmin() || $this->Auth->user('Organisation')['name'] == $this->TemplateElement->data['TemplateElement']['org']) {
if ($this->_isSiteAdmin() || $this->Auth->user('Organisation')['name'] == $this->TemplateElement->data['Template']['org']) {
// check permissions
if (empty($this->TemplateElement->data)) throw new NotFoundException();
$type = 'TemplateElement' . ucfirst($this->TemplateElement->data['TemplateElement']['element_definition']);